Privacy Policy
Prepared 22.03.2019
Tietoa Finland Oy customer register privacy policy
Document in accordance with the General Data Protection Regulation (EU) 2016/679 concerning data protection practices.
1. Data Controller
Tietoa Finland Oy (Business ID 1622220-6)
Satamaradankatu 1
00510 Helsinki
2. Data Controller's Contact Person
Heta Ehavald
Satamaradankatu 1
00510 Helsinki
3. Purpose of the Register and Legal Basis for Processing
Personal data is used to manage customer relationships and partnerships, as well as to target advertising and/or direct marketing by the data controller and/or its partners based on customer data through the data controller's media and services. The legal basis for processing is either the person's consent or a contractual relationship in which the registered person is a party, a party's representative, or a contact person.
4. Data Contained in the Register
The register may contain the following data:
– Name
– Email address
– Phone number
– Organization and position
– Organization's address details and Business ID
– Other information voluntarily provided by the registered person.
5. Regular Data Sources and Disclosure of Personal Data
The data contained in the register is regularly obtained from the registered person themselves. Participant lists of group projects and events may be shared among persons participating in group projects or events. The data controller does not regularly disclose registered persons' data to third parties, except as required by Finnish legislation or authorities. Data is not transferred outside the EU or EEA.
6. Principles of Register Protection
Manually stored data is kept in a locked facility. Electronically stored data is located on a password-protected server. Persons processing personal data are bound by confidentiality regarding the information obtained from the register.
7. Right to Inspect, Correct, and Delete Data
Everyone has the right to inspect what data concerning them is stored in the personal register. An inspection request must be sent to the contact person (see section 3) in writing and signed, by post or email. Persons in the register have the right to require the data controller to correct, delete, or supplement any incorrect, unnecessary, incomplete, or outdated personal data in the register for the purpose of data processing by contacting the person responsible for register matters in writing (see section 3). You may also withdraw your consent at any time. You also have the right to file a complaint with the data protection authority if you believe your data is being used in violation of regulations.
8. Retention Periods for Personal Data
Personal data whose processing is no longer necessary, for example due to a terminated customer relationship or group project, is deleted once a year.
